My computer takes me elsewhere

I installed Emsisoft (30 day free trial after that 40 Dollars/year) and they found 49 threats. 2 left they told me to go on their forum to ask them to remove them manually. Still awaiting their answer. In the meantime I still have the same problem, although not as bad but still either I am taken to another page (same pages like LOCALDOUBLE.COM) or a page is simply "added" to the one I am trying to open.

Also have a virus I need to shake that prevents automatic updates.

Downloaded free ANTIVIR.
But not enough.

Tried to download AVAST and KASPERSKY but both are incompatible with my free antivirus and both ask me to remove it first.

Also I am oftentimes taken to pages that "offer me antivirus help" without my looking for them first (Spam).
Either the 2 viruses left cause the problem or I have some more that Antivir and Emsisoft did not detect.

I need 3 ANTIVIRUS that are compatible together, preferably FREE.
or at least 1 I buy and 2 free that are all compatible together.
Please help!!!

Edited by hamluis, 12 April 2011 - 10:14 AM. Moved from XP to Am I Infected.

Before doing anything if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.

A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).

Copy and paste the contents of that file in your next reply.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

After completing the scan, a log report will open in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab.

Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that virus or suspicious file. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found when that is not the case.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of others and may insist they be removed prior to download and installation of another. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms while trying to use it.

To avoid these problems, use only one anti-virus solution.

Anti-virus vendors recommend that you install and run only one anti-virus program at a time.

The Rootkit killer detected one threat: Rootkit.Win32.TDSS.td14
It asked me to CURE it and to reboot which I did.
I checked again with a second scan to make sure it was gone and it was!!! They said "No threat detected".
Now when I go on the Internet, I can browse again, without being redirected. (Hopefully it stays that way!!!)

Malwarebytes was finally able to FIND suspicious objects (Which it did not previously): below is the log:

******But before you view it, I still have a problem with my Windows Security Center that tells me that my automatic updates IS TURNED OFF (which of course is not; it is some OTHER virus that does that). When I try to go on Microsoft help website to correct that/download updates, the virus RESETS the connection and I can't go there. Do you have any idea how to SHAKE this particular virus? Thanks! :-)

*******You said that several antivirus downloaded might consider each other as threats. I understand. On top of having Emsisoft free 30 day trial, I have a free antivirus (Antivir) I downloaded Windows Defender too. Tell me what do you think. Shall I buy the license for Emsisoft after the 30 day trial? Thanks! :-)

LOG: (note: this log was before I took action. I quarantined and removed all items.)

This particular malware alters the MBR of the system drive to ensure persistent execution of malicious code. Essentially, it overwrites the MBR of the hard disk with its own code and stores a copy of the original MBR at another sector using rootkit techniques to hide itself. For more specific analysis and explanation of the infection, please refer to:

Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

The database in your previous log shows 6326. Last I checked it was 6361.

If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.

Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

Click the green button.

Read the End User License Agreement and check the box:

Check .

Click the button.

Accept any security warnings from your browser and allow the download/installation of any required files.

The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed. If given the option (when threats are found), choose "Quarantine" instead of delete.

When the scan completes, push

Push , and save the file to your desktop as ESETScan.txt.

Push the button, then Finish.

Copy and paste the contents of ESETScan.txt in your next reply.

Windows Security Center that tells me that my automatic updates IS TURNED OFF of course is not; it is some OTHER virus that does that

Yes malware can disable it but so can some anti-virus programs to prevent conflicts, duplicate warnings and allow them to manage control of the Security Center. Installing/uninstalling several anti-virus programs could create a mess in the registry where the keys are kept.

Shall I buy the license for Emsisoft after the 30 day trial?

Emsisoft (a-squared) products are prone to "false positives" and they even acknowledge this.

...Sometimes security software falsely identifies important crucial system components as a threat (hence the term False Positives - FP).

Removing/deleting critical system files, even temporarily, can make a system crash. Sometimes the system will recover after a reboot, and sometimes it will not. Therefore, you may not be able to start your system. Special system restore measures may be needed, or even a full system re-installation...If detections are FP's, you run the risk of rendering your system inoperable...

...the Anti-Malware Scanner looks for files, folders, registry entries and Tracking Cookies that are typically created by Spyware programs. Traces are exactly these trails that Spyware leaves behind...This approach has both advantages and disadvantages for Malware recognition...The negative side is that it provides a relatively inexact, or insufficiently differentiated to be more precise, Malware recognition. Benign software can be falsely recognized, for example, if it uses the same file name or folder as a dangerous Spyware program.

Software discovered via Traces should therefore first be double-checked to see if it is actually Malware before it is finally deleted...

If you're going to use Emsisoft (a-squared) products, get a second opinion on suspicious or questionable file detections by submitting them to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If there are multiple file detections you're not sure about, then perform an Online Virus Scan like ESET or Kaspersky.

If you suspect the detection was a false positive, then report it to Emsisoft Support so they can investigate or submit samples to their research lab.
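Added example, not part of the original reply or of any tool named in it: one way to check for the MBR modification described earlier in this reply by comparing the boot code against a known-good baseline hash. It assumes the 512-byte sector was read from outside the running system (the malware hides itself once loaded); the sample sectors and the names `parse_mbr`, `check_against_baseline` and `make_sample_mbr` are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code (440-445 hold the disk signature)
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, signature check and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": parts,
    }


def check_against_baseline(sector, baseline_sha256):
    """Return a list of findings; an empty list means the boot code matches."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def make_sample_mbr(boot_code):
    """Constructed test sector: one active type-0x07 partition starting at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x11\x22\x33\x44\x00\x00"            # constructed value
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


# Constructed samples: same partition table, different boot code.
CLEAN = make_sample_mbr(b"\xfa\x33\xc0" + b"CONSTRUCTED-CLEAN-LOADER")
TAMPERED = make_sample_mbr(b"\xfa\x33\xc0" + b"CONSTRUCTED-OTHER-LOADER")
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    print(parse_mbr(CLEAN)["partitions"])
    print("clean:   ", check_against_baseline(CLEAN, BASELINE))
    print("tampered:", check_against_baseline(TAMPERED, BASELINE))
```

Hashing only the first 440 bytes keeps the per-disk signature out of the comparison, so a baseline taken from another clean installation of the same operating system version can be used.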

Since we last talked, I scanned one last time with Emsisoft free 30 day trial version: they removed all threats but 2.
Then I removed Emsisoft, after reading that Emsisoft caused many good programs not to work, and replaced it with Superantispyware.

Removing Emsisoft helped my Windows Defender do a scan (finally, before it would not work).

After that I scanned with my Antivir and with Superantispyware; both could not remove 2 items: the same 2 items Emsisoft could not remove! These 2 items are still there.

Then I tried to download Microsoft Fixit program because my Windows Security Center still tells me to turn my automatic updates on, which they are on, but somehow the virus prevents them from turning on.

Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself or infect critical system files which cannot be cleaned. Sometimes there is an undetected hidden piece of malware such as a rootkit which protects malicious files and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

If you cannot complete a step, then skip it and continue with the next.

In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can close this one.

Note: If you cannot create any logs, then still start a new topic, explain that you followed the Prep Guide but were unable to create the required logs. It would also be helpful if you include a description of what happened when you tried to create your logs.

I cannot find my yesterday reply (with all my scan logs) on the "Virus, Trojan, Spyware Forum." SO THAT I COULD FOLLOW UP WITH YOU AND KNOW WHAT TO DO.

Reason is my computer behaved strangely after I started scanning with Antivir, (about 15 minutes ago), which found all kinds of threats.

(they would not let me read the entire names of the threats; all I could see was the beginning of the names:
DMD Bancos Keylogger that captures... critical
CNNIC Update U a program that downloads... Very high
V Malum AWS Trojan Any program with... High
Advanced Stealth "email R. critical
Ld PinchV Keylogger that captures... critical)

Then my Windows Security Update would try to make me buy the full version or continue unprotected. They came with a window that said "mpcmdrun.exe is damaged"

And when I tried to go ON THIS FORUM, they told me that this site was a dangerous site with dangerous downloads. I dare not LOG INTO this other LOGIN ACCOUNT I created on my computer!

That is why I replied on this topic. I had bookmarked the link on the other USER ACCOUNT on my computer...

==========

I am adding this extra information on WEDNESDAY 20 APRIL 2011: I believe that the scan above WAS A FAKE SCAN FROM A VIRUS, which virus I have encountered before, ever since I got infected.

I tried to log on my old user name but the virus is still there and won't let me open ANY PROGRAM, so I DUMPED the account.

Bottom line I still have some kind of infection that prevents me from downloading critical AUTOMATIC UPDATES. Please tell me what to do. :-)

I did not realize you posted your logs under the user Naniwazu1 which explains why I could not find it.

That topic is here. When someone replies with assistance, you should be able to reply with any user name so there is no need to start a new thread. However, be sure to advise the helper you are the same poster as the one who started the topic and why you changed user names.

Please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond. I removed your subsequent reply for the reasons indicated so it shows 0 replies again.

I am still waiting for an answer from you regarding my automatic updates which won't turn on.

My defogger is still disabled and I NEED to use this computer function.

My problem boils down to automatic updates which won't turn on. I know it's a VIRUS.
That same virus is what I believe DISABLED my antivirus AVAST and made this program unable to connect to the Internet!!!

(Tried to RE ENABLE DEFOGGER but I receive AN ERROR MESSAGE that says "DEFOGGER - ERROR" UNABLE TO OPEN FILE.)

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, requests for help are not always answered in a timely manner. Although our staff work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by Bleeping Computer for their assistance to our members.

New and more devious malware infections are released almost daily. It then takes time to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.

Further, our First Responder staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Not all staff members have access to or are familiar with every type of operating system version...some may only have Windows XP as they cannot afford to upgrade while others may only have Vista or Windows 7.

Although your topic looks lost in the queue of many pages where others have posted for help since you did, please be patient. It may take a while to get a response but your topic will be answered as soon as possible.

Quote:
Some unexpected errors have happened to software you recently used. You were not asked to send these error reports at the time they occurred. To help improve the software you use, Microsoft is interested in learning more about these errors. We have created reports about the errors for you to send to us. The reports will be treated as confidential and anonymous.
Send report now.
Unquote

They gave me this report telling me that it was 2 MALWARE PROGRAMS that were doing it.